Skip to content

Bump go-git/go-git/v5 from 5.19.0 to 5.19.1#12

Open
tomer-stripe wants to merge 1 commit into
masterfrom
fix/dependabot-go-git-v5.19.1
Open

Bump go-git/go-git/v5 from 5.19.0 to 5.19.1#12
tomer-stripe wants to merge 1 commit into
masterfrom
fix/dependabot-go-git-v5.19.1

Conversation

@tomer-stripe

Copy link
Copy Markdown
Contributor

Summary

  • Bumps github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 to resolve two Dependabot security alerts

Vulnerabilities fixed

  • Medium: Crafted repositories may modify main and submodule .git directories
  • Low: Improper single-quote escaping in go-git SSH transport

This is a transitive dependency (pulled in via stripe-cli which uses go-git for version detection). Not used directly by the bootstrap.

🤖 Generated with Claude Code

Fixes two security advisories (medium + low severity):
- Crafted repositories may modify main and submodule .git directories
- Improper single-quote escaping in SSH transport

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Committed-By-Agent: claude
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant